As you may have already heard, 11:11 Systems is focusing on the NIST Cybersecurity Framework as part of global Cybersecurity Awareness Month. This framework outlines a full security strategy for any company or organization to proactively identify and protect against security threats, and to detect breaches when they do happen. This enables the organization to respond appropriately and recover from any damage with minimal impact.
This post focuses on the “Protect” function of the NIST framework. In Jim’s post, we looked at the Identify function as a way to analyze and evaluate security threats that may be present in your organization, from its core internal structure all the way through external elements (such as your supply chain). The Protect function takes that output and uses it to construct technology and procedures that safeguard your data and services against those threats.
The intent of these safeguards is twofold:
- Proactively shield your organization against cybersecurity events
- Limit or contain the impact of a potential cybersecurity event
Building the Phalanx
Just like each of the other four functions of the NIST framework, protecting your organization from cybersecurity threats is an ongoing effort. We can break that effort down into a handful of different categories, which we will go over below. More important than the actual ways in which you implement these controls, however, is that they must all work together to protect your entire organization.
The Phalanx was an ancient Greek battle formation made up of hoplite soldiers wielding overlapping shields. Each shield protected not only the hoplite bearing it, but also those behind them — meaning each shield in the wall is critical. If there is a gap between shields, the entire unit is compromised. Encryption by itself does nothing to protect your services if your staff is not trained to avoid plugging in USB disks they find on the street. Overlap between protections also enables your Security team to better contain the impact of a potential breach.
Each of 11:11 Systems’ services is designed to work in this way. Managed Security services such as Managed EDR, Managed Firewall, and Managed SIEM allow our SOC to implement controls that map to several of the categories below. Data security is built into the DNA of our BaaS, DRaaS, and IaaS services through design, architecture, and best-of-breed solutions. Working with 11:11 can act as a force multiplier for your IT and security teams to implement a better, safer cybersecurity protection plan.
Types of Protection
Identity Management, Authentication and Access Control
Hopefully most of us are utilizing Multi-Factor Authentication at the very least. In 2022, that is the minimum requirement to be considered even remotely secure. However, you would be mistaken to think that MFA is the end-all-be-all of authentication. The Identity Management landscape has exploded in the past five years, growing to include micro-segmentation and Zero-Trust Network Access (ZTNA). For many organizations, the simplest solution to Identity Management is to leverage a third-party vendor such as Duo or Okta to authenticate users. Keep in mind that this type of control also extends all the way to the edge of your service architecture, including how your service reacts to externalities such as DDoS attacks.
Awareness and Training
The user will always be the weakest point in a cybersecurity protection plan, so much so that some security administrators fall into the trap of thinking that users are actively working against them. In reality, users simply have other things to worry about: job functions, home life, what to eat for lunch that day … any number of things that most folks would rank ahead of cybersecurity. A small amount of training can go a long way, reducing your company’s vulnerability to phishing or other attacks from 60 percent to under 10 percent in 12 months. Security Awareness Training is a crucial tool for educating your users on an ongoing basis.
Data Security
Data is at the core of any service, and securing it is an incredibly wide and diverse discipline. Data can be in one of two states: at rest, or in flight. Security for data at rest is mostly understood as encryption. While simple in principle, the encryption method for your data must at minimum allow you to retrieve it when needed, preferably quickly and automatically. That means it is important to understand all of the different places your data ends up, so that you can be sure it gets encrypted at every step of the way, and that the keys needed to decrypt each copy remain available. Data in flight is somewhat more difficult to encrypt and secure, but with a properly configured Next-Generation Firewall you can mitigate much of this risk. 11:11 offers a Managed Firewall solution to secure the data entering and leaving your organization. Finally, if your service includes a public-facing component, you will need to understand certificate and key management in order to operate at scale.
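The at-rest requirement above (encrypt every copy, but make sure you can still get the data back) is illustrated by the following added Go example; it is not 11:11 Systems’ code and is not part of the original post. It assumes a hypothetical Keyring type and envelope format of its own design, uses AES-256-GCM from Go’s standard library, records a key identifier in an authenticated header so every stored blob can be matched to the key needed to recover it, and includes an inventory check that reports any blob the current keys can no longer decrypt. The keys are constructed for the example; a real deployment would fetch them from a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

// Keyring maps a key identifier to a 32-byte AES-256 key (hypothetical type).
type Keyring map[uint32][]byte

// magic marks the hypothetical envelope format used by this example.
const magic = "ENC1"

// DeriveTestKey builds a deterministic 32-byte key for the example only.
// Constructed for illustration; never derive production keys from labels.
func DeriveTestKey(label string) []byte {
	sum := sha256.Sum256([]byte("example-key:" + label))
	return sum[:]
}

// Seal encrypts plaintext with AES-256-GCM under keyID and returns an envelope:
// magic(4) || keyID(4, big-endian) || nonce(12) || ciphertext || GCM tag.
// The header is passed as additional authenticated data, so a stored blob cannot
// be silently rewritten to claim a different key.
func Seal(kr Keyring, keyID uint32, plaintext []byte) ([]byte, error) {
	key, ok := kr[keyID]
	if !ok {
		return nil, fmt.Errorf("seal: unknown key id %d", keyID)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	header := make([]byte, 8)
	copy(header, magic)
	binary.BigEndian.PutUint32(header[4:], keyID)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, 8+len(nonce)+len(plaintext)+gcm.Overhead())
	out = append(out, header...)
	out = append(out, nonce...)
	return gcm.Seal(out, nonce, plaintext, header), nil
}

// Open reverses Seal. It fails if the key named in the header is missing from
// the keyring (the "can we still retrieve it?" problem), if the blob was
// tampered with, or if the key material has changed.
func Open(kr Keyring, envelope []byte) ([]byte, error) {
	if len(envelope) < 8+12 || string(envelope[:4]) != magic {
		return nil, errors.New("open: not a recognised envelope")
	}
	header := envelope[:8]
	keyID := binary.BigEndian.Uint32(envelope[4:8])
	key, ok := kr[keyID]
	if !ok {
		return nil, fmt.Errorf("open: key id %d not available; data is unrecoverable", keyID)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	nonce, ct := envelope[8:8+ns], envelope[8+ns:]
	return gcm.Open(nil, nonce, ct, header)
}

// VerifyRecoverable is the inventory check: given every stored blob, return the
// sorted names of those the current keyring can no longer decrypt.
func VerifyRecoverable(kr Keyring, blobs map[string][]byte) []string {
	var failed []string
	for name, blob := range blobs {
		if _, err := Open(kr, blob); err != nil {
			failed = append(failed, name)
		}
	}
	sort.Strings(failed)
	return failed
}

func main() {
	kr := Keyring{1: DeriveTestKey("current"), 2: DeriveTestKey("retired")}
	stored := map[string][]byte{}
	stored["db-backup"], _ = Seal(kr, 1, []byte("customer table dump"))
	stored["old-export"], _ = Seal(kr, 2, []byte("2019 archive"))
	delete(kr, 2) // simulate a key that was retired without re-encrypting its data
	fmt.Println("unrecoverable blobs:", VerifyRecoverable(kr, stored))
}
```

The inventory check is the part worth copying: run it against every storage location you identified, and treat any blob it reports as an incident, not a footnote.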
Protective Technology
Your servers and endpoints are where your security policies are actually implemented, and there are many point solutions that protect this part of your security landscape. You can assemble features like Group Policy, Mobile Device Management, and application whitelists into a security strategy. Your Next-Generation Firewall will also act as a protective layer. However, since the protective layer built into most endpoints is simply not sufficient against the modern cyber threat landscape, part of your Protective Technology plan should include a Next-Generation Anti-Malware solution (such as 11:11’s Managed EDR platform). This acts not only as a prophylactic, but also ties in with the other NIST functions, strengthening the phalanx.
Information Protection Processes and Procedures
In the end, the safety measures we have gone over so far are all governed by your organization’s processes and procedures. This is how the careful planning you have done in designing your security posture is realized. Once your security policies are planned, and you know the way in which you want to implement them, you must then enact those changes.
Figure: Security-focused Configuration Management Phases
Finally, you will need to monitor that those changes actually happen, and that your environment is more secure because of them. To assist in monitoring, 11:11 offers Managed SIEM and Continuous Risk Scanning to provide deep visibility into your environment. With these tools you can validate that your configuration changes generate real-world results.
There are a huge number of security policies that you can implement in organizations of any size: encryption specifications, vulnerability scanning policies, device guidelines, resiliency guidelines … the list goes on. But you don’t need to get bogged down in the sheer number. Just keep in mind that the more you can put down in writing, the closer your organization will be able to follow your vision for its cybersecurity posture.
From the First Shield to the Last
Building your first NIST-compatible cybersecurity protection plan may seem daunting. Just remember: your cybersecurity posture is a perpetual process, not a one-time setup. The reality is that attempting to shore up an entrenched poor security posture can be more difficult than starting from scratch with a solid plan. You may be a small enterprise looking to start strong, or an established organization that needs an upgrade. You may even be looking to revamp your security policy in the aftermath of a breach. No matter your starting point, 11:11 Systems has the tools and expertise to help protect your data and services.